oss-sec mailing list archives
Re: CVE request: mtr
From: Jonathan Smith <smithj () freethemallocs com>
Date: Tue, 20 May 2008 18:50:39 -0800
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Robert Buchholz wrote | Secunia suggests [1] that 0.73 contains a fix. Did you find any indication | to that? The advisory mentions 0.72 as vulnerable, but it is also dated | February 28. The last mtr was released on April 7, but it seems to me all | changes are unrelated. The issue was an insecure use of sprintf in split_redraw(). In 0.73, uptream changed this to use snprintf, thus fixing the issue. smithj -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAkgzjf4ACgkQCG91qXPaRekhhACeKPMka0sknIpsV4gtS1zojRl6 jKYAoIrwOd4pxgvxetx39dlJ4fhll2Su =gZQa -----END PGP SIGNATURE-----
Current thread:
- CVE request: mtr Jonathan Smith (May 20)
- Re: CVE request: mtr Robert Buchholz (May 20)
- Re: CVE request: mtr security curmudgeon (May 20)
- Re: CVE request: mtr Jonathan Smith (May 20)
- Re: CVE request: mtr Jonathan Smith (May 20)
- Re: CVE request: mtr security curmudgeon (May 20)
- Re: CVE request: mtr Steven M. Christey (May 20)
- Re: CVE request: mtr Robert Buchholz (May 20)